Vulnerability Details : CVE-2017-6074
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2017-6074
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6074
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6074
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-6074
-
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6074
-
http://www.debian.org/security/2017/dsa-3791
Debian -- Security Information -- DSA-3791-1 linuxThird Party Advisory
-
https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
dccp: fix freeing skb too early for IPV6_RECVPKTINFO · torvalds/linux@5edabca · GitHubIssue Tracking;Patch;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0345.html
RHSA-2017:0345 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securitytracker.com/id/1037876
Linux Kernel DCCP Double-Free Memory Error Lets Local Users Obtain Root Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2017-0323.html
RHSA-2017:0323 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.exploit-db.com/exploits/41458/
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege EscalationThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/41457/
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)Third Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2017-0347.html
RHSA-2017:0347 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:0932
RHSA-2017:0932 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.tenable.com/security/tns-2017-07
[R6] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2017/02/22/3
oss-security - Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)Mailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0316.html
RHSA-2017:0316 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0501.html
RHSA-2017:0501 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0366.html
RHSA-2017:0366 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://source.android.com/security/bulletin/2017-07-01
Third Party Advisory
-
http://www.securityfocus.com/bid/96310
Linux Kernel CVE-2017-6074 Local Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2017-0295.html
RHSA-2017:0295 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018Patch;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0324.html
RHSA-2017:0324 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0346.html
RHSA-2017:0346 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0365.html
RHSA-2017:0365 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0294.html
RHSA-2017:0294 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1209
RHSA-2017:1209 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0403.html
RHSA-2017:0403 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0293.html
RHSA-2017:0293 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Jump to